Privacy Policy

OCR SERVICES INC. PRIVACY POLICY

COLLECTION OF PERSONAL DATA

You may choose to provide personal information (for example your name, address, telephone number and email address) on this or other OCR websites, however not providing this may result in reduced functionality. OCR’s usage of this information will be consistent with this policy or the policy associated with the applicable OCR site.

Most of the data that we handle is not collected by OCR, but by rather through the relationships we have with customers and other third parties. For data not collected by OCR, we are a data-processor, and for data collected by OCR, we are a data-controller. OCR collects data to service its customers and to enable them to use OCR’s products and services, such as when certain data is input and stored in our EASE application that is required for the customer to use the EASE platform. In some cases, this data is provided directly, such as when a customer creates a EASE account, contacts us for support or a sales inquiry, or fills out a form on our website, OCR also collects some data indirectly, as mentioned earlier, by use of technologies such as cookies.

The personally identifiable information that OCR collects includes:

First and Last Name

A Home or Mailing Address

An Email Address

A Telephone Number

An IP Address

Business Contact Information

Personally identifiable information may also include data pertaining to a customer’s employees, business partners, vendors, contact people, or other authorized users of OCR’s products or services.

CHILDREN’S PRIVACY

This website is not directed to children under the age of thirteen and we do not knowingly collect personal information from children under the age of thirteen on this site or other OCR sites. If we become aware that we have inadvertently received personal information from a visitor under the age of thirteen, we will delete the information from our records.

USE OF COOKIES AND SIMILAR TECHNOLOGIES

Like most websites and companies, we use cookies on our websites. We collect certain aggregate and non-personal information through a variety of technologies when you visit this website. Aggregate and non-personal information does not relate to a single identifiable visitor. It tells us such things as how many users visited our site and the pages accessed. By collecting this information, we learn how to best tailor our website to our visitors. Unless you disable such technologies, by using our website and online services, you agree that we can place these types of cookies and related technologies on your device. We explain below how you can manage your choices and opt-out of the collection of such aggregate information.

Essential Cookies:
Some cookies serve an essential function and the websites cannot work properly without them. Where such essential cookies are used, they cannot be disabled.

Browser and Flash Cookies:
Other cookies serve a functional purpose and improve the user experience of the websites. We use browser and Flash cookies to tell us, for example, whether you’ve visited us before, and to help us identify site features in which you may have the greatest interest. Browser and Flash cookies may enhance your online experience by saving your preferences while you are visiting a particular site so that you do not need to reset them each time you visit the website. Neither Browser nor Flash cookies can identify you as an individual. You can decline any Browser cookie through your browser however, without Browser cookies you may not be able to take full advantage of all our website features. Similar to Browser cookies, you may not be able to take full advantage of all website features once you have disabled Flash cookies.

Web Beacons:
Some types of cookies collect aggregate information which help us to improve our websites by providing information, for example, on loading errors and the most visited webpages. Certain pages on our site may contain web beacons (also known as Internet tags, pixel tags and clear GIFs). OCR uses web beacons to help display content to visitors and to generate statistics regarding web traffic and trends. Web beacons cannot identify you as an individual.

USE OF PERSONAL INFORMATION

We may use the personal information collected about you for the following purposes:

Provide, administer and communicate with you about products, services, events, surveys and promotions by OCR or our affiliates (including by sending you marketing communications);

Process, evaluate and respond to your requests, inquiries and applications; Create, administer and communicate with you about your account (including any purchases and payments); Provide investor services; Verify your identity to ensure security for the other purposes listed here; Evaluate your interest in employment and contact you regarding possible employment; Operate, evaluate and improve our business (including developing new products and services; managing our communications; performing market research; determining and managing the effectiveness of our advertising and marketing; analyzing our products, services and websites; administering our websites; and performing accounting, auditing, billing, reconciliation and collection activities); Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and quality; Conduct investigations and comply and enforce applicable legal requirements or, industry standards and our policies and terms, such as this and other OCR sites’ terms of use; and Ensure the safety of OCR network services, information resources and

To conduct automated marketing activities including email, lead assignment to sales resources, and automated response email messages to form OCR will never conduct automated marketing activities to contacts who have not opted in to receiving marketing emails. We also may use personal information for other additional purposes. We will identify these additional purposes at the time of collection.

We also may use personal information for other additional purposes. We will identify these additional purposes at the time of collection.

SHARING AND TRANSFERRING OF YOUR PERSONAL INFORMATION

Sharing & Transfers

We do not sell or otherwise disclose personal information about our website visitors outside OCR and its affiliates, except as described here.

We may share information provided by our visitors to this and other OCR sites with service providers we have retained to perform services on our behalf. These service providers are contractually restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements. OCR and its sites use a third party marketing platform, Hubspot. We use Hubspot to perform marketing activities such as emails, coordinate sales activities, host landing pages, record requests for demos or product information, newsletter sign ups via forms, and track traffic and engagement. OCR and its sites also use Google Analytics to track traffic and engagement. Traffic measurement and services used on the site may use the collected web site usage information for, among other purposes, gathering information about visitors’ interactions with the site, such as which links are clicked on or which pages are visited. OCR also retains a third party provider, iLand, to store data on its servers and a third party provider, WordPress, which provides the framework and engine for our websites.

We may disclose information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials as required to comply with a legitimate legal request, or (iii) when we believe disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity.

We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including through bankruptcy).

TRANSMISSIONWe may transmit the personal information we collect on this site or other OCR sites to other countries where we do business, including for websites accessed in the European Union, to the US, but we will do so only for the purposes described herein.

SENSITIVE PERSONAL DATA

At OCR we will never collect nor process the following types of sensitive data:

Race of Ethnic Origin

Political Opinions

Religious or Philosophical Beliefs

Trade Union Memberships

Genetic or Biometric Data

Health or Mortality

Sex Life or Sexual Orientation

HOW WE PROTECT YOUR INFORMATION?

At OCR, our goal is to protect your personal information submitted to us through our sites. We maintain administrative, technical and physical safeguards to protect against unauthorized disclosure, use, alteration or destruction of the personal information you provide on this and other OCR websites. We also employ reasonable technologies to help keep the personal information you provide on this site secure.

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our online information practices. When changes are made to this policy it will be posted to the website and the “last updated” date at the top of this policy will be revised. We also encourage users to periodically check this policy to understand how OCR protects and uses your information.

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83 permits individuals that are California residents to request certain information regarding our disclosure of personal information to third parties for sch third parties’ direct marketing purposes. IF you are a California resident and would like to make such a request, contact us at privacy@ocr-inc.com.

LINKS TO OTHER SITES

We provide links to other websites for your convenience and information. These sites may have their own privacy statements or policies in place, which we recommend you review if you visit any linked websites. We are not responsible for the content of linked sites or any use of the sites.

HOW TO CONTACT US

If you have any questions or comments about this Privacy Policy, please contact us by emailing privacy@ocr-inc.com.

HOW CAN YOU VERIFY AND UPDATE YOUR INFORMATION?

You may check your information to verify, update, or correct it, and to have any obsolete information removed. If you created a user account on our EASE platform, you can access and change your user profile yourself. You can also ask to review any of the information that we have retained, how we have used it, and to whom we have disclosed it at any time by contacting us as indicated above under the heading “How to Contact Us”. Subject to certain exceptions prescribed by law, and provided we can authenticate your identity, you will be given reasonable access to your personal information, and will be entitled to challenge the accuracy and completeness of the information and to have it amended as appropriate. You may also ask us to change your preferences regarding how we use or disclose your information, or let us know that you do not wish to receive any further communication from us.

Mobile Privacy Policy

Mobile Information We Collect

Personally identifiable information (e.g. name, email address) we collect consists only of what you share with us. For example, certain products may ask for this type of information so that we may contact you by phone or email at your request. You choose what, how, and when you want to share.

If you use any location-enabled products, you may be sending us location information. OCR does not store or use this information other than to provide the service you requested. For example, a mobile product may use GPS data to find a nearby restaurant you requested. Location-enabled features are opt-in and you have control over your participation and can turn these services off at any time.

Web-enabled mobile applications may use cookies or web beacons and other methods to customize your browsing experience. Please see OCR’s web privacy policy for more information.

Some mobile applications will utilize Google Analytics (or similar tool) to help us better serve our customers through improved products, services, and revisions to the mobile applications. This collected information will not identify you to OCR. It may, however, let us know anonymously, which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.

Use of 3rd party services such as social sharing sites (e.g., Facebook & Twitter) is governed by the privacy practices of those services. OCR does not capture or store your login information or other personally identifiable information for these services; however, session info or cookies may be stored.

MOBILE HOW WE USE COLLECTED INFORMATION

We use the information to personalize your experience with the application and to improve your overall experience including the development of new products, services, and features. We also use the information to provide customer support, and when applicable, register and administer your account. Additionally, we may use the information you provide to contact you about updates to our service.

Information you provide may be used to fulfill the service(s) or carry out the transaction(s) you have requested or authorized. For example, if you authorize a purchase through a mobile eCommerce application, we will use provided information to ship and bill you.

MOBILE INFORMATION SHARING

OCR does not share any collected information with 3rd parties with the following exceptions:

OCR may provide some personal data to third-party partners that are providing services essential to your mobile user experience.

All requests are sent through your mobile carrier’s network and your carrier may have access to it. Consult your carrier’s privacy policies for additional information.

Certain mobile products and services and manufacturers allow you to interact and share your information with others. For example, you may want to Tweet or post to your Facebook page content from an OCR mobile application. Consult your mobile device manufacturer, or mobile product or application developer’s privacy policies for additional information.

FOR EU AND SWISS INDIVIDUALS: PRIVACY SHIELD STATEMENT

OCR Services Inc. (“OCR”) complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. OCR Services Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability. If there is any conflict between the terms in this OCR Services Inc. Privacy Shield Policy (“Privacy Shield Policy”) and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

DEFINITIONS

“Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.

“Personal Data” means any information relating to an individual residing in the European Union and Switzerland that can be used to identify that individual either on its own or in combination with other readily available data.

“Data Controller” means a person (an individual, organization, other corporate or unincorporated bodies of persons) who, either jointly or in common with other persons, determines the purposes for which and that manner in which any personal data are, or are to be, processed.

“Data Processor” means any person (other than an employee of the data controller) who processes personal data on behalf of the data controller.

SCOPE AND RESPONSIBILITY

This Privacy Shield Policy applies to Personal Data transferred from European Union member countries and Switzerland to OCR Services Inc.’s operations in the U.S. in reliance on the respective Privacy Shield framework and does not apply to Personal Data transferred over Standard Contractual Clauses of any approved derogation from the EU Directive.

Some types of Personal Data may be subject to other privacy-related requirements and policies. For example:

OCR’s website has its own privacy policy.

Personal Data regarding and/or received from a client is also subject to any specific agreement with, or notice to, the client, as well as additionally applicable laws and professional standards.

This policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)

All employees of OCR that have access in the U.S. to Personal Data covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Privacy Shield Policy. Adherence by OCR to this Privacy Shield Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but Personal Data covered by this Privacy Shield Policy shall not be collected, used, or disclosed in a manner contrary to this policy without the prior written permission of OCR’s General Counsel.

COLLECTION OF PERSONAL DATA

Most of the data that we handle is not collected by OCR, but by rather through the relationships we have with customers and other third parties. For data not collected by OCR, we are a data-processor, and for data collected by OCR, we are a data-controller. OCR collects data to service its customers and to enable them to use OCR’s products and services, such as when certain data is input and stored in our EASE application that is required for the customer to use the EASE platform. In some cases this data is provided directly, such as when a customer creates a EASE account, contacts us for support or a sales inquiry, or fills out a form on our website, OCR also collects some data indirectly, as mentioned earlier, by use of technologies such as cookies.

The personally identifiable information that OCR collects includes:

First and Last Name

A Home or Mailing Address

An Email Address

A Telephone Number

An IP Address

Business Contact Information

Personally identifiable information may also include data pertaining to a customer’s employees, business partners, vendors, contact people, or other authorized users of OCR’s products or services.

PROCESSING OF PERSONAL DATA

Data Processor includes several activities. The only activity that OCR does is to store personal data provided by clients, for their use in EASE software, in Iland servers where Iland is a data sub processor who is also GDPR compliant. OCR customers transfer their personal data or enter personal data for which they are data controller in OCR’s software, EASE. OCR processes the data under the direction of the client using EASE software.

USE OF PERSONAL INFORMATION

We may use the personal information collected about you for the following purposes:

Provide, administer and communicate with you about products, services, events, surveys and promotions by OCR or our affiliates (including by sending you marketing communications);

Process, evaluate and respond to your requests, inquiries and applications; Create, administer and communicate with you about your account (including any purchases and payments); Provide investor services; Verify your identity to ensure security for the other purposes listed here; Evaluate your interest in employment and contact you regarding possible employment; Operate, evaluate and improve our business (including developing new products and services; managing our communications; performing market research; determining and managing the effectiveness of our advertising and marketing; analyzing our products, services and websites; administering our websites; and performing accounting, auditing, billing, reconciliation and collection activities); Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and quality; Conduct investigations and comply and enforce applicable legal requirements or, industry standards and our policies and terms, such as this and other OCR sites’ terms of use; and Ensure the safety of OCR network services, information resources and employees.

To conduct automated marketing activities including email, lead assignment to sales resources, and automated response email messages to form submissions. OCR will never conduct automated marketing activities to contacts who have not opted in to receiving marketing emails.

We also may use personal information for other additional purposes. We will identify these additional purposes at the time of collection.

PRIVACY SHIELD PRINCIPLES

OCR commits to subject to the Privacy Shields’ Principles all Personal Data received by OCR in the U.S. from European Union member countries and Switzerland in reliance on the respective Privacy Shield framework.

NOTICEOCR notifies Data Subjects covered by this Privacy Shield Policy about its data practices regarding Personal Data received by OCR in the U.S. from European Union member countries and Switzerland in reliance on the respective Privacy Shield framework, including the types of Personal Data it collects about them, the purposes for which it collects and uses such Personal Data, the rights of Data Subjects to access their Personal Data, the choices and means that OCR offers for limiting its use and disclosure of such Personal Data, how OCR’s obligations under the Privacy Shield are enforced, and how Data Subjects can contact OCR with any inquiries or complaints.

CHOICEIf Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, OCR will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: samir.singh@ocr-inc.com. OCR does not collect Sensitive Personal Data.

ACCOUNTABILITY FOR ONWARD TRANSFEROCR does not plan to transfer personal data to third parties that it processes in European member countries or Switzerland. In the event that OCR does transfer personal data, except as otherwise provided herein, OCR discloses Personal Data only to Third Parties who reasonably need to know such data and such recipients must agree to abide by confidentiality obligations. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by OCR and they must either:

comply with the Privacy Shield principles or another mechanism permitted by the applicable EU & Swiss data protection law(s) for transfers and processing of Personal Data;

or agree to provide adequate protections for the Personal Data that are no less protective than those set out in this policy;

OCR also may disclose Personal Data to Third Parties when a Data Subject has consented to or requested such disclosure. Please be aware that OCR may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. OCR is liable for appropriate onward transfers of personal data to third parties.

SECURITYOCR takes reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the collection and the nature of the Personal Data. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to OCR’s electronic information systems requires multi-level user authentication via password or similar means. OCR also employs access restrictions, limiting the scope of employees who have access to Personal Data. OCR personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.

DATA INTEGRITY AND PURPOSE LIMITATIONOCR limits the processing of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. OCR does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject. OCR takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. OCR takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes OCR’s obligations to comply with professional standards, OCR’s business purposes and unless a longer retention period is permitted by law, and it adheres to the Privacy Shield Principles for as long as it retains such Personal Data.

RECOURSE, ENFORCEMENT, AND LIABILITYOCR’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.

In compliance with the Privacy Shield Principles, OCR commits to resolve complaints about your privacy and our collection or use of your Personal Data. Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact OCR at: samir.singh@ocr-inc.com.

OCR has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield for more information and to file a complaint. The services of BBB EU Privacy Shield Program are provided at no cost to you.

Data Subjects have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Please see Annex 1 in the following link for more information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction. OCR agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. OCR acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.

CHANGES TO THIS PRIVACY SHIELD POLICY

This Privacy Shield Policy may be amended from time to time consistent with the requirements of the Privacy Shield. Appropriate notice regarding such amendments will be given.